java - Hibernate Spring security modified design how to -
i'm designing db model want have:
- user(id, role_id) (userdetails)
- permission(role_id, permission) (grantedauthority)
- role(id, description)
i'm using hibernate , spring security. want every role have list of permissions (grantedauthorities) using role_id rather specific user having that. i'm kinda lost designing that. i've came far:
public class user implements userdetails, serializable { @id @generatedvalue @column(name = "id") private int id; @column(name = "role_id", insertable = true, updatable = false) private int roleid; @onetomany(fetch = fetchtype.eager, mappedby = "user", cascade = cascadetype.all) private list<permission> permissions; } public class permission implements grantedauthority, serializable { @id @generatedvalue @column(name = "id") private int id; @column(name = "role_id", insertable = false, updatable = false) private int roleid; @column(name = "permission") private string permission; @manytoone(fetch = fetchtype.eager) @joincolumn(name = "role_id", nullable = false, insertable = false, updatable = false) private user user; } i've omitted not important code. role class isn't important spring security.
i know i'm making huge mistake somewhere can't seem figure out how fix it. issue joins 2 objects using user.id instead of user.roleid. i've tried different annotations can't hook correctly.
so raw issue i'm trying join 2 objects using property 1 , pk might mistake.
edit: i've tried specify referencedcolumnname on permission class didn't work either. user can't log in.
@manytoone(fetch = fetchtype.eager) @joincolumn(name = "role_id", nullable = false, insertable = false, updatable = false, referencedcolumnname = "role_id") private user user;
why want have design can backfire in future? have think ahead , apply design practices on project. topic pops here every day.
in spring context, role authority. have no idea why made complex design them. either can have 1) simple approach assign role in fact authority user or 2) more complex solution includes user, role , permission. idea assign permissions roles , assign roles user. in solution role entity serves purpose of grouping granted permissions 1 bundle, through authentication manager assign permissions through roles.
note: using common base @mappedsuperclass entities.
first, have user entity:
@entity @table(name = "user_t") public class user extends baseentity { @column(name = "username", nullable = false, unique = true) private string username; @column(name = "password", nullable = false) private string password; @manytomany @jointable(name = "user_role", joincolumns = @joincolumn(name = "user_id"), inversejoincolumns = @joincolumn(name = "role_id")) private set<role> role = new hashset<role>(); // builder/getters/setters } role entity
@entity(name = "role_t") @column(name = "role_name", nullable = false) private string rolename; @manytomany(fetch = fetchtype.eager) @jointable(name = "role_permission", joincolumns = @joincolumn(name = "role_id"), inversejoincolumns = @joincolumn(name = "permission_id")) private set<permission> permissions; // getters/setters } permission entity
@entity(name = "permission_t") public class permission extends baseentity implements grantedauthority { @column (name = "permission_name", nullable = false) private string permissionname; public string getpermissionname() { return permissionname; } public void setpermissionname(string permissionname) { this.permissionname = permissionname; } @override public string getauthority() { return permissionname; } @override public int hashcode() { return permissionname.hashcode(); } @override public boolean equals(object obj) { if(obj == null) return false; if(!(obj instanceof permission)) return false; return ((permission) obj).getauthority().equals(permissionname); } now in authenticationmanager or whatever decide use, loop throug roles , assign permissions assigned roles user, if makes sense.
customauthenticationprovider
public class appauthprovider implements authenticationprovider { private static final string permission_prefix = "role_permission_"; // logging user info @override public authentication authenticate(authentication authentication) throws authenticationexception { collection<grantedauthority> permissions = new hashset<grantedauthority>(); (role role : user.getrole()) { (permission perm : role.getpermissions()) { grantedauthority permission = new simplegrantedauthority(permission_prefix + perm.getpermissionname()); permissions.add(permission); } } usernamepasswordauthenticationtoken authtoken = new usernamepasswordauthenticationtoken(user, null, permissions); // user object service/repository return authtoken; } }
Comments
Post a Comment